pnpm
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official source code and documentation from well-known and reputable repositories, specifically the official pnpm GitHub organization (github.com/pnpm/pnpm). These references are documented neutrally for informational purposes.
- [COMMAND_EXECUTION]: Provides detailed instructions and examples for standard package management operations using the pnpm CLI, such as 'pnpm install', 'pnpm run', and 'pnpm exec'. These are core functionalities of the documented tool.
- [REMOTE_CODE_EXECUTION]: Documents the 'pnpm dlx' command, which enables the execution of packages directly from the registry without permanent local installation, analogous to 'npx'.
- [CREDENTIALS_UNSAFE]: Includes examples of '.npmrc' configuration for authentication tokens. The examples correctly use environment variable placeholders (e.g., '${NPM_TOKEN}') rather than hardcoded secrets, following security best practices.
- [COMMAND_EXECUTION]: References the use of '.pnpmfile.cjs' hooks, which allow for JavaScript-based customization of the dependency resolution process. This is presented as an advanced feature for package metadata modification.
Audit Metadata